NativePHP
NativePhp Mobile - How safe are user credentials within sqlite? #701
-
|
Love NativePhp, close to buying a mobile license, total newbie at sqlite in mobile apps, not sure if NativePhp's implementation of sqlite is the same as how other apps would implement. How safe is the data in the sqlite db, including the user's credentials in the laravel users table? I assume that the sqlite db is isolated from the OS or other apps? Perhaps a jailbroken device or device backups might make the sqlite data accessible? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
Hi NativePhp Team, Apologies for my newbie question - it would be really terrific if someone could give me a steer. Thx again for a great product. |
Beta Was this translation helpful? Give feedback.
-
|
You should never store user credentials unencrypted. Use something like SecureStorage instead: It depends on your app what you store in the database or even in plain files and you as a developer decide which data should be encrypted before storing it. You can also store encrypted content in the SQLite DB. The docs show how you could do that: So the idea is to generate an encryption key and store that key in SecureStorage - then you can use that key to encrypt/decrypt content of the local DB. |
Beta Was this translation helpful? Give feedback.
You should never store user credentials unencrypted. Use something like SecureStorage instead:
https://nativephp.com/docs/mobile/1/apis/secure-storage
It depends on your app what you store in the database or even in plain files and you as a developer decide which data should be encrypted before storing it. You can also store encrypted content in the SQLite DB. The docs show how you could do that:
https://nativephp.com/docs/mobile/1/concepts/security
So the idea is to generate an encryption key and store that key in SecureStorage - then you can use that key to encrypt/decrypt content of the local DB.